ctf:public:hackover2016:tiny_backdoor_v1

Differences

Below are the differences between two revisions of the page.

ctf:public:hackover2016:tiny_backdoor_v1 [2016/10/17 06:28]
arthaum
ctf:public:hackover2016:tiny_backdoor_v1 [2016/10/17 06:29] (current version)
arthaum
Ligne 36: Ligne 36:
 </code> </code>
  
-I am using the fact thatwhen the shellcode is called, the stack contains the returned address (that I pop in rbp), and then lots of zeros. Thus, ''pop rax; pop rdi'' just set ''rax = rdi = 0''. Also, ''rsi'' already contains ''0x600136'' so no need to change it.+I am using the fact that when the shellcode is called, the stack contains the returned address (that I pop in rbp), and then lots of zeros. Thus, ''pop rax; pop rdi'' just set ''rax = rdi = 0''. Also, ''rsi'' already contains ''0x600136'' so no need to change it.
  
 Finally, I wrote my second shellcode. It just calls ''execve("/bin/sh", 0, 0)''. Note that the string ''/bin/sh'' is located in the second payload and ends up being at the address ''0x600180''. Here is my second shellcode: Finally, I wrote my second shellcode. It just calls ''execve("/bin/sh", 0, 0)''. Note that the string ''/bin/sh'' is located in the second payload and ends up being at the address ''0x600180''. Here is my second shellcode:
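Review bot: the corrected sentence on line 36 still reads "the returned address" where "the return address" is the usual term, and "just set" should be "just sets" to agree with its subject. The same sentence lists the values left in ''rax'', ''rdi'' and ''rsi'' without naming the call those registers are being prepared for; adding a short clause that names it would let the paragraph stand on its own before the second shellcode is introduced.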
ctf/public/hackover2016/tiny_backdoor_v1.txt · Last modified: 2016/10/17 06:29 by arthaum